From 1ec18949bc13ff97fb40f202a8750ace508647c5 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Thu, 13 Nov 2025 08:23:19 +1000
Subject: [PATCH] TLS 1.3 duplicate KeyShare entry fix

Fix comparison to be greater than or equal in case count is incremented after maxing out.
---
 src/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tls.c b/src/tls.c
index 6d087f3d3..3004bc328 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -9830,7 +9830,7 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input,
 return BUFFER_ERROR;
 if (seenGroups != NULL) {
- if (*seenGroupsCnt == MAX_KEYSHARE_NAMED_GROUPS) {
+ if (*seenGroupsCnt >= MAX_KEYSHARE_NAMED_GROUPS) {
 return BAD_KEY_SHARE_DATA;
 }
 for (i = 0; i < *seenGroupsCnt; i++) {
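Review bot: The `>=` guard in `TLSX_KeyShareEntry_Parse` only stops this function from acting on an over-limit `*seenGroupsCnt`; the hunk does not show where the count is incremented or where `seenGroups[]` is written, and the commit message implies the count can move past `MAX_KEYSHARE_NAMED_GROUPS`. If that state can be reached from a peer-supplied KeyShare extension, the increment site should itself refuse to advance the count or store an entry beyond the array bound, rather than relying on this comparison alone. A short comment above the check would record the intent, for example `/* >=: the count may already be past the limit; never index seenGroups[] beyond it */`. A regression test that parses an extension carrying more than `MAX_KEYSHARE_NAMED_GROUPS` entries and expects `BAD_KEY_SHARE_DATA` would pin the behaviour. The function body starts and ends outside the hunk.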